Cryptography is the science of securing information by rendering it unreadable to everyone except the intended recipient of the information. Cryptography also provides a mechanism to ensure that a message is authentic and unmodified. Information that has been cryptographically rendered unreadable may be described as “encrypted,” and conversely, unreadable information that is unscrambled and again rendered into readable form may be described as “decrypted.” The process of encrypting and decrypting information using traditional cryptographic methods employs at least one piece of information commonly called a “key” because it is used to “unlock” an encrypted message. Cryptography has traditionally been of great importance to persons seeking to communicate secretly. Applications of cryptography range from the protection of private records to secure payment systems.
Symmetric cryptography describes a system of encrypting and decrypting information using the same secret key to perform both encryption and decryption. There are numerous symmetric cryptographic methods, having various characteristics including relative strength, speed of computation, and convenience. The one-time pad offers security that is considered to be unbreakable. However, all symmetric cryptographic methods share a common problem, namely the need to privately and securely exchange information about the symmetric key.
Secure key exchange methods are used to exchange secret cryptographic keys. A traditional solution to this problem is to physically deliver the key via a secure courier. Another method is to use public key cryptography to exchange a symmetric key. Methods of public key cryptography are well known. Yet another method for securely exchanging keys is quantum cryptography.
Quantum cryptography is a technique for the private and secure distribution of a key for use in subsequent encryption and decryption. Quantum cryptography is built upon the principles of quantum mechanics, according to which there is statistical uncertainty regarding the properties of a photon. Furthermore, principles of quantum mechanics require that the act of observing a series of randomly oriented photons necessarily will affect some of the observed photons. This principle is used in quantum cryptography to securely exchange keys, because in observing the states of the transmitted photons, an eavesdropper will detectably corrupt the states of the transmitted photons.
Quantum cryptography (hereinafter, referred to as “QC”) key distribution uses individual photons to convey keying information between two devices. In conventional QC techniques, these two devices are directly connected by an optical path, either via directly attached fiber that runs between the devices, or by free-space optical paths. In essence, one device sends a stream of individual photons directly from itself to another device. The transmitted photons have randomly selected quantum bases. Then various protocols are used in order to agree on the quantum state conveyed via these photons and hence to agree on shared keying data. A very high degree of protection is provided by quantum cryptography—in essence, QC key distribution techniques make it impossible for an eavesdropper to gain information about the exchanged cryptographic key without being detected.
Conventional QC technology has a drawback, however, that it is primarily a point-to-point key distribution technique. That is, when an intermediate piece of networking equipment such as a switch is introduced into a quantum cryptography path, the operator of the networking equipment can undetectably break the security of the key exchange. Therefore, known systems require intervening network devices to be brought into the same trusted domain as the endpoint devices, meaning that the network devices must participate in and understand the key distribution process. This is undesirable in many ways, as systems are generally much more secure when users can employ encryption techniques that do not require trusted active participation of additional entities.
The inventor has thus proposed methods and systems for distributing a secret key between two user devices based on the QC principle, over a potentially insecure network using untrusted switches, in U.S. patent application Ser. No. 09/944,328, filed on Aug. 31, 2001, entitled “Quantum Cryptographic Key Distribution Networks with Untrusted Switches,” and in U.S. patent application Ser. No. 09/943,709 filed on Aug. 31, 2001, entitled “Systems and Methods for Path Set-Up in a Quantum Key Distribution Network,” each of which is expressly incorporated in its entirety herein by reference. In accordance with this proposed methods and systems, the untrusted switches that transfer keying information along a quantum cryptography path are unable to read or alter the contents of any communication between endpoint devices. The untrusted switches in the network can therefore be operated by a person or organization with whom the users of the network do not want to share their secrets in order to communicate securely.